pull down to refresh
0 sats \ 1 reply \ @Zk2u 23 Jul \ parent \ on: REVEALED: Here's the Cellebrite Premium Device Support Matrix for July 2024 security
As far as I know, most cellebrite devices work by plugging in the device. If you enable lockdown mode and your phone is locked even after AFU, iOS will refuse any data connections over USB. They’d have to either exploit something from inside the phone or do a memory extraction which isn’t exactly easy. I don’t think graphene can protect from a memory extraction? I haven’t looked at the latter in much detail
I didn't get a notification to reply to this - I didn't mean to ignore this! I just saw when trying to search recent Cellebrite news on here.
As far as I know, most cellebrite devices work by plugging in the device. If you enable lockdown mode and your phone is locked even after AFU, iOS will refuse any data connections over USB
They can bypass this restriction. Cellebrite do not mention Lockdown Mode in the Premium documentation as it doesn't change anything for them. Users from a law-enforcement forensics chat room we previously monitored also still tell that this is the case (they claim to have special cables that have a payload to bypass that) and that it isn't exclusive to Cellebrite. Potentially Apple could make a fix for this, as they did make an automatic reboot feature recently that pissed the forensic companies off.
People are still leaking chats there saying this is the case like in here: (source)
For bespoke cases, the client would pay Cellebrite to have their expert teams find a way in themselves (called Advanced Services).
They’d have to either exploit something from inside the phone or do a memory extraction which isn’t exactly easy.
It's absolutely possible they could do that but they'd hate to do the former. They're both exploits that would meet the objective but it's apples and oranges.
They like their exploits to have as minimal data footprint as possible because if their extraction methods are modifying the owner's data then it can be used as a defence in court that the evidence is tampered which risks making it inadmissible. For example, Cellebrite have an APK downgrade feature for downgrading apps or OS components to outdated, vulnerable versions on Android to aid extractions. They say it is an absolute last resort when every other method has been exhausted, including attempting physical attacks. They could do it, but remote access a la NSO Group is for a different type of customer than what Cellebrite sells to.
I don’t think graphene can protect from a memory extraction? I haven’t looked at the latter in much detail
Hardened memory allocator in GrapheneOS zeroes memory when it is freed. It protected against a forensic company that exploited the Stock OS by RAM dumping from a bootloader exploit to get a derived hash they could brute force the OS PIN/password with. GrapheneOS recieved bounties and ASBs for reporting it and building a fix for that (post here) but the stock OS still falls behind what GrapheneOS does.
reply